Endpoint Security Controls and the Insider Threat

Endpoint Security Controls and the Insider Threat

At your financial institution, what would you consider as your worst threat for data loss? Hackers? Let’s face it, everyone who is trying to breach your defenses really just wants to join those insiders who are already running amuck on your network. If you’re not cognizant of the insider threat in your institution you will need to rethink your security strategy.

Knowing where and when your employees are accessing data means watching your endpoints. Endpoint controls can play a key role in preventing or reducing the insider threat, says Ari Tammam, an information security company executive. Financial institutions are doing a better job than many other companies because of the regulatory compliance that goes along with being a financial institution, but the threat is still present.

The CSI/FBI reports in recent years have all pointed to the fact that most attacks are coming from inside the network. Tammam, the channel vice president at Promisec, pointed to one of the FBI insider threat studies and noted, “Some endpoints are overlooked. Financial institutions are more conscious of endpoint security, but they still have to give their employees some leniency in order to get their jobs done. The trick to detecting insider fraud is to look at not just what they’re opening and looking at in documents, but the context of what they’re doing with that information,” he said. “Realize every institution has a set of user rules (or acceptable use policy) that must be enforced and repeated to the employees, so they know absolutely where they can and cannot go.”

The best example for a financial institution’s “unknown” endpoint is the wireless network running outside of the institution, but which can attract endpoints that are left on by default, on laptops or other devices that are also connected to the institution’s network. “Therefore it opens the institution’s network to the possibility of data leaving the institution, absolutely without anyone knowing that it’s going out,” he explained.

Other endpoints that may not be secured at financial institutions and could make a network vulnerable include the mobile devices that management and bank executives rely on, including PDAs. “These aren’t new to institutions, and most are now adequately protected, an institution will decide on a single type of device, and standardize the security protocols to protect it, and won’t allow any others to operate on their network.”

Shared folders on the other hand, have a great potential for compromised data, he said. “For large projects, it’s easy to have information in shared folders, it facilitates information flow.” But as sure as that flow begins, it’s hard to stop. “What if you accidentally save some sensitive or classified information, to that shared folder, and that’s just by technical or human error, not intentional. But now it has been made available to everyone,” Tammam said, adding a recent example where military information was leaked out in Japan about a U.S. missile defense system, was the latest in the data breach brigade marching out on endpoints. (Whether this breach was accidental, in that the wrong file was copied, or intentional is still under investigation by both U.S. and Japanese officials).

Tammam recommended institutions run audits on their networks on a regular basis to find the hidden endpoints and other vulnerabilities that are on it, and with the findings of those regular audits also stress awareness/education of the institution’s staff to avoid future security compromises.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.com, you agree to our use of cookies.